Overview

overview

10

Static

static

8

document-1...43.xls

windows7_x64

10

document-1...43.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-1560494543.xls

  • Size

    331KB

  • Sample

    201126-5ecmk4cyl2

  • MD5

    af998d0bba14c3d33723726cb9fb7002

  • SHA1

    0179a0888d600b26d90c3b06bd76061f62a3874d

  • SHA256

    cb24cc7ce0e3513e95fb08de1105887e7f374ed71b0c5ef1dee7310c87eccdef

  • SHA512

    9fea5133f80f4ba39150249927dbde4a83ac020ac3d878396346dc1ad71ac79d9fc4d7f7a247b3df153a4bff2ce947e81e34f7320f940674d95ddf23b1201045

Score
10/10
macro

Malware Config

Targets

    • Target

      document-1560494543.xls

    • Size

      331KB

    • MD5

      af998d0bba14c3d33723726cb9fb7002

    • SHA1

      0179a0888d600b26d90c3b06bd76061f62a3874d

    • SHA256

      cb24cc7ce0e3513e95fb08de1105887e7f374ed71b0c5ef1dee7310c87eccdef

    • SHA512

      9fea5133f80f4ba39150249927dbde4a83ac020ac3d878396346dc1ad71ac79d9fc4d7f7a247b3df153a4bff2ce947e81e34f7320f940674d95ddf23b1201045

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks